Bezpecnost NFS
Petr Snajdr
snajdr na pvt.net
Úterý Červenec 22 16:29:45 CEST 1997
BTW: na teto adrese je Transparent Cryptographics System:
https://edu-gw.dia.unisa.it/
Uz asi 14 dni se tam snazim dostat, ale podarilo se mi to az dnes.
je tam dost strasne spojeni.
Question 1.1. What is TCFS?
TCFS is a Transparent Cryptographic File System that is a suitable
solution to the problem
of privacy for distributed file system. By a deeper integration
between the encryption service and the file system, it results in a
complete
trasparency of use to the user applications. Files are stored in
encrypted form and are decrypted before they are read.
The encryption/decryption process takes place on the client machine and
thus the ncryption/decryption key never travels on the network.
Question 1.2. How does TCFS works?
TCFS operates like NFS (Network File System). We added a new flag X
to make the file
secure (encrypted). A TCFS filesystem can be accessed by
applications using the same
system calls as NFS (open,read,write,...) whence the name
transparent. Blocks of data are
correctly decrypted only if the right key is available to the
kernel.
Question 1.3 On which platforms does it run?
Currently, TCFS works only on Linux Boxes (Kernel version 2.0.x).
We are working to port TCFS under Digital Unix (tm) and BSD (tm).
[...]
Question 1.7. Is TCFS suitable for encrypting file systems on
non-networked machines - ie, just a stand-alone system?
Sure, TCFS is a kernel modules and operates like NFS, so you can
use it on a standalone machine like you could do with NFS. One
needs only to compile the kernel with TCFS file
system support, to export a directory on the client to itself and
run NFSD and XATTRD (a
special daemon required for TCFS).
[...]
Question 1.13. Is TCFS commercial?
Currently TCFS is released under the Gnu's Public License which
means that you may
copy, modify, distribute TCFS for free. For more details, read the
file COPYING in the
sorce directory of TCFS.
TCFS will be commercial no sooner than release n-th.0.0 :). To give
you an idea, the
current release is 2.0.1 and we areplanning to release TCFS 2.1.0
(within the end on 1997).
[...]
Question 2.1. How are files encrypted?
TCFS uses a CBC-DES engine to encrypt. We chose DES because it is
fast, well studied,
and standard. [See Q1.9 'Is TCFS as secure as CFS?']
Since TCFS 2.0.1 release, IDEA and RC5 cryptographic engines were
added in the
package; now you can choice, at compilation time, which engine to
use to cypher yuor
datas.
We are planing TCFS to be able to use different engines at run
time.
Vice na: https://edu-gw.dia.unisa.it/tcfs-faq.html
( pokud se tam dostanete :-(((
S pozdravem
Petr Snajdr
Další informace o konferenci Linux